I'd like to add some clarification here on the use of the service account available in Cisco IPS sensors. From the IPS configuration guides:
The service account is a support and troubleshooting tool that enables TAC to log in to a native operating system shell rather than the CLI shell. It does not exist on the sensor by default. You must create it so that it is available for TAC to use for troubleshooting your sensor.
Only one service account is allowed per sensor and only one account is allowed a service role.
The service account is not intended to be used for configuration purposes. Only modifications made to the sensor through the service account under the direction of TAC are supported. Cisco Systems does not support the addition and/or running of an additional service to the operating system through the service account, because it affects proper performance and proper functioning of the other IPS services. TAC does not support a sensor on which additional services have been added.
Any changes made via the service account will not survive a software upgrade. Making unsupported changes via the service account may also require re-imaging the sensor to factory defaults to allow effective troubleshooting to occur during a TAC service request.
The module will still be supported; but it will most likely be necessary to revert the module to factory defaults (re-image) early in the process to ensure it is not an unsupported change that is causing issue.
It is possible, depending on the changes implemented, that a signature update could revert a change; that is why the service account should not be utilized for direct or long-term configuration changes. Most changes performed via the service account are under TAC direction, and are usually reverted when the troubleshooting is completed.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :